001
014
015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.NoSuchUserException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.log.Log;
020 import com.liferay.portal.kernel.log.LogFactoryUtil;
021 import com.liferay.portal.kernel.util.ParamUtil;
022 import com.liferay.portal.kernel.util.PropsKeys;
023 import com.liferay.portal.kernel.util.StringPool;
024 import com.liferay.portal.kernel.util.Validator;
025 import com.liferay.portal.model.CompanyConstants;
026 import com.liferay.portal.model.User;
027 import com.liferay.portal.security.ldap.PortalLDAPImporterUtil;
028 import com.liferay.portal.service.UserLocalServiceUtil;
029 import com.liferay.portal.util.PortalUtil;
030 import com.liferay.portal.util.PrefsPropsUtil;
031 import com.liferay.portal.util.PropsValues;
032 import com.liferay.portal.util.WebKeys;
033
034 import javax.servlet.http.HttpServletRequest;
035 import javax.servlet.http.HttpServletResponse;
036 import javax.servlet.http.HttpSession;
037
038
044 public class CASAutoLogin extends BaseAutoLogin {
045
046
049 protected User addUser(long companyId, String screenName) throws Exception {
050 return PortalLDAPImporterUtil.importLDAPUser(
051 companyId, StringPool.BLANK, screenName);
052 }
053
054 @Override
055 protected String[] doHandleException(
056 HttpServletRequest request, HttpServletResponse response, Exception e) {
057
058 HttpSession session = request.getSession();
059
060 if (e instanceof NoSuchUserException) {
061 session.removeAttribute(WebKeys.CAS_LOGIN);
062
063 session.setAttribute(
064 WebKeys.CAS_NO_SUCH_USER_EXCEPTION, Boolean.TRUE);
065 }
066
067 _log.error(e, e);
068
069 return null;
070 }
071
072 @Override
073 protected String[] doLogin(
074 HttpServletRequest request, HttpServletResponse response)
075 throws Exception {
076
077 HttpSession session = request.getSession();
078
079 long companyId = PortalUtil.getCompanyId(request);
080
081 if (!PrefsPropsUtil.getBoolean(
082 companyId, PropsKeys.CAS_AUTH_ENABLED,
083 PropsValues.CAS_AUTH_ENABLED)) {
084
085 return null;
086 }
087
088 String login = (String)session.getAttribute(WebKeys.CAS_LOGIN);
089
090 if (Validator.isNull(login)) {
091 Object noSuchUserException = session.getAttribute(
092 WebKeys.CAS_NO_SUCH_USER_EXCEPTION);
093
094 if (noSuchUserException == null) {
095 return null;
096 }
097
098 session.removeAttribute(WebKeys.CAS_NO_SUCH_USER_EXCEPTION);
099
100 session.setAttribute(WebKeys.CAS_FORCE_LOGOUT, Boolean.TRUE);
101
102 String redirect = PrefsPropsUtil.getString(
103 companyId, PropsKeys.CAS_NO_SUCH_USER_REDIRECT_URL,
104 PropsValues.CAS_NO_SUCH_USER_REDIRECT_URL);
105
106 request.setAttribute(AutoLogin.AUTO_LOGIN_REDIRECT, redirect);
107
108 return null;
109 }
110
111 String authType = PrefsPropsUtil.getString(
112 companyId, PropsKeys.COMPANY_SECURITY_AUTH_TYPE,
113 PropsValues.COMPANY_SECURITY_AUTH_TYPE);
114
115 User user = null;
116
117 if (PrefsPropsUtil.getBoolean(
118 companyId, PropsKeys.CAS_IMPORT_FROM_LDAP,
119 PropsValues.CAS_IMPORT_FROM_LDAP)) {
120
121 try {
122 if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
123 user = PortalLDAPImporterUtil.importLDAPUser(
124 companyId, StringPool.BLANK, login);
125 }
126 else {
127 user = PortalLDAPImporterUtil.importLDAPUser(
128 companyId, login, StringPool.BLANK);
129 }
130 }
131 catch (SystemException se) {
132 }
133 }
134
135 if (user == null) {
136 if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
137 user = UserLocalServiceUtil.getUserByScreenName(
138 companyId, login);
139 }
140 else {
141 user = UserLocalServiceUtil.getUserByEmailAddress(
142 companyId, login);
143 }
144 }
145
146 String redirect = ParamUtil.getString(request, "redirect");
147
148 if (Validator.isNotNull(redirect)) {
149 request.setAttribute(AutoLogin.AUTO_LOGIN_REDIRECT, redirect);
150 }
151
152 String[] credentials = new String[3];
153
154 credentials[0] = String.valueOf(user.getUserId());
155 credentials[1] = user.getPassword();
156 credentials[2] = Boolean.TRUE.toString();
157
158 return credentials;
159 }
160
161 private static Log _log = LogFactoryUtil.getLog(CASAutoLogin.class);
162
163 }